October is a great time of year because it means there is a new Node.js major release and a new LTS version. Today, we are happy to share that the Node.js community is releasing Node.js 21 and that next week Node.js 20 will be promoted to Long Term Support (LTS). It’s all very predictable due to the community’s well defined release process.
Following the Node.js release process, Node.js 21 will not be promoted to LTS as only even-numbered versions are promoted to LTS. Even though for production deployments Red Hat only recommends and supports LTS releases, we hope that you will try out Node.js 21 community releases and provide feedback on the new functionality and features to help pave the way for later releases.
With Node.js 20 being promoted to LTS, it will now make its way into the next minor release of Red Hat Enterprise Linux (RHEL). If you want to test out the RHEL version of Node.js 20 in advance, we’ve provided CentOS stream based containers so that you can do that.
If you follow Red Hat’s work in the Node.js project, or have been following our regular updates, you’ll see that our strategy is to focus our community work on aspects we believe are important to our customers, including:
Stable and predictable releases
Code quality and safety net
Those aspects, along with working with our customers and internal teams and sharing our experience in the Node.js reference architecture, keeps us pretty busy.
Node.js 21 - What's new?
With over 1153 commits since 20.0.0 was released lots of work went into Node.js 21. Having said that, much of the work was behind the scenes fixing or refactoring existing features so the number of headline features is limited this time. Some of the interesting ones to mention include:
Fetch promoted to stable
Experimental WebSocket client support
Experimental support for better default for ESM
--experimental-default-type flags enables defaults which better suit a fully ESM implementation. This continues efforts within the project to improve developer experience for those using ESM while maintaining compatibility with CommonJS. Other approaches are also being investigated such as automatically detecting ESM when possible while the project figures out the best options for ESM developer experience.
As with most major releases, this release updates the minimum supported levels for platforms and tooling used to build Node.js. Node's building instructions document these new minimum levels. Of note, the minimum supported version of macOS has been increased to 11.0 and support for Visual Studio 2019 has been dropped.
Node.js 21 brings the npm version up to the 10.2 line in Node.js You can read more about what’s new in this version of npm in https://github.com/npm/cli/releases.
Updates to the version of many dependencies
Over the last year members of the security team worked to automate the update of dependencies used within Node.js. This ensures Node.js keeps up with the latest versions of its dependencies. You can see the result of this work based on updates to uvwasi, simduft, zilb, googletest, undici and ada from the GitHub bot as part of this release
Node.js 20 being promoted to LTS
With the promotion of Node.js 20 to LTS next week, it will be suitable for use in production. As with every release, Node.js brings features and functionally that makes moving up a good choice. We are excited to share some recent features and ongoing initiatives in Node.js 20 that have piqued our interest or in which our team has played a role. Due to how quickly features flow back into the existing Node.js release line, they all may not be technically new in Node.js 20 but they are worth mentioning as having landed since the last major release promoted to LTS. Here are a few highlights:
Stable Test Runner
WASI (Experimental) no longer a requires command line flag, and version is required
Permission model (Experimental)
Single Executable Applications (Experimental)
Tracing channel (Experimental)
You can check out the details in our previous blog, Welcome Node.js 20.
As you can see from the Node.js 20 and 21 releases, the project continues to be extremely active and is making progress on the stated technical priorities. The forward looking work in the Next-10 team has moved from identifying key work for the project to success towards tracking the evolution of key work and progress so far. It was great to see the level of participation in the survey that was run earlier this year and how the technical priorities documented by the project align with what’s important to the ecosystem.
Three specific things we’d like to call out in terms of what should be interesting going forward:
The addition of features like the test runner, fetch, arguments parser and watch show the progress being made to support a great Developer Experience as a key technical value of the project.
The revitalized security team has made progress on a number of initiatives including the assessment against best practices, automating dependency updates and much more. With the heightened interest in supply chain security we see continuing contributions from this team as important going forward.
The performance team which has re-ignited work on improving performance of Node.js and which has made significant progress on a number of fronts including URL parsing. We are looking forward to further improvements over the next year.
A big thank you
We’d like to thank all of the people who contribute to Node.js releases, including Rafael Gonzaga and Michaël Zasso, on the Node.js community releaser team, who created and coordinated the Node.js 21 release. The community has a large cast of contributors working across the Node.js project and each release is the result of all of their hard work.
As a side note, we’d also like to continue to thank the companies/individuals who have stepped up to help with security releases as security release stewards or as part of the security triage team, along with all of those who make security releases happen. The major releases are the big splash, but security releases are just as important. We’d like to see more companies committing to help with security triage, security stewardship as well as fixing vulnerabilities.
You can read about all the new features and changes in the community post. To learn more about the Node.js community and how you can contribute, check out the project repository and website. If you want to read more about what Red Hat is up to on the Node.js front, head to the Node.js developers page here. Finally, if you’re a Red Hat customer, visit the customer portal for more information.
About the authors
Senior Software Engineer at Red Hat and a Node.js Technical Steering Committee Member. Beth has been involved with the Node.js project since 2016, when she joined IBM in their Node.js Runtime Team. Now at Red Hat, she’s continuing her work around Node.js. Beth is an active member of the Node.js Release Working Group, which audits the content for and produces the Node.js releases. Her other focuses include the creation of resources and tooling to support Node.js deployments to the cloud.
Michael Dawson is an active contributor to the Node.js project and chair of the Node.js Technical Steering Committee (TSC). He contributes to a broad range of community efforts including platform support, build infrastructure, N-API, Release, as well as tools to help the community achieve quality with speed (e.g., ci jobs, benchmarking and code coverage reporting). As the Node.js lead for Red Hat and IBM, he works with Red Hat and IBM's internal teams to plan and facilitate their contributions to Node.js and v8 within the Node and Google communities. Dawson's past experience includes building IBM's Java runtime, building and operating client facing e-commerce applications, building PKI and symmetric based crypto solutions as well as a number of varied consulting engagements. In his spare time, he uses Node.js to automate his home and life for fun.